Skip to main content

Secure Boot Configuration

Table 1. Secure Boot Configuration
ItemOperationDescription
Secure Boot Status

  • Disabled

  • Enabled

Display the current secure boot status.

Secure Boot Mode

  • Setup Mode

  • User Mode

System performs secure boot authentication when this feature is set to [User Mode] and secure boot is enabled.

Secure Boot Setting

  • Enabled

  • Disabled (Default)

When [Enabled] is selected, the Secure Boot feature is Active, Platform Key (PK) is enrolled, and the system is in user mode.

To change the mode, resetting the platform is required.

Secure Boot Policy

  • Factory Policy (Default)

  • Custom Policy

  • Delete All Keys

  • Delete PK

  • Reset All Keys to Default

Secure Boot policy options:

[Factory Policy]: Factory default keys will be used after reboot.

[Custom Policy]: Customized keys will be used after reboot.

[Delete All Keys]: PK, KEK, DB, and DBX will be deleted after reboot.

[Delete PK]: PK will be deleted after reboot.

[Reset All Keys to Default]: All keys will be set to factory defaults and Secure Boot Policy will be set to [Factory Policy] after reboot.

Note

  • Secure Boot Mode will be set to [Setup Mode] and Secure Boot Policy will be set to [Custom Policy] after PK is deleted.

  • The options cannot be loaded to default in Setup Utility.

View Secure Boot Keys

N/A

View details of:

  • PK (Platform Key)

  • KEK (Key Exchange Key)

  • DB (Authorized Signature Database)

  • DBX (Forbidden Signature Database)

Secure Boot Custom Policy

N/A

Customize PK, KEK, DB, and DBX.

Note
This feature appears only when Secure Boot Policy is set to [Custom Policy].